Linux.Cdorked.a How do we defend against it?

From: Rod-Lists 
------------------------------------------------------
http://www.net-security.org/secworld.php?id=14882

===============================================================
From: David White
------------------------------------------------------
A few things.

1. I just joined (I should have done this a long time ago) the Apache Server Announcements list, which is used to announce "major releases and other important information" about Apache: http://httpd.apache.org/lists.html#http-announce. Probably wouldn't do any good in this case, but this will be a good way for me to keep abreast of releases. I'm hoping they issue security bulletins through this too, but I don't know.

2. Here is ESET's blog post / analysis of the backdoor. They've also provided a tool written in C that system administrators can use to see if they are affected: http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/

Copy the code and read the comments at the top of http://www.welivesecurity.com/wp-content/uploads/2013/04/dump

===============================================================
From: Dave Brockman
------------------------------------------------------

===============================================================
From: David White
------------------------------------------------------
Indeed. I should have pointed that out - and thanks for the updated blog post URL. I only use Apache (for now, anyway), but that's good info, nonetheless.

===============================================================
From: Rod-Lists
------------------------------------------------------
Exactly. I'm getting ready to try my hand with nginx. How do we deal with this?

PS: how come I got Dave's reply first?

===============================================================
From: Dave Brockman
------------------------------------------------------
Email is neither reliable nor instantaneous... except when it is... :)

Regards,
dtb

===============================================================
From: David White
------------------------------------------------------
... or maybe EPB is blocking (or blacklisting) gmail. =)

===============================================================
From: Dave Brockman
------------------------------------------------------
List mail doesn't come from EPB or Gmail btw :)

Regards,
dtb

===============================================================
From: David White
------------------------------------------------------
I'm sending from gmail and he has an EPB address... but you're right. On second thought, that was a stupid, moot point because, as you said, list email isn't coming *from* either of those places. :)